An FPGA-Based Algorithm to Accelerate Regular Expression Matching
State-of-the-art Network Intrusion Detection Systems (NIDSs) use regular expressions (REs) to detect attacks or vulnerabilities. In order to keep up with the ever-increasing speed, more and more NIDSs need to be implemented by dedicated hardware. A major bottleneck is that NIDSs scan incoming packet...
| Published in | Security, Privacy, and Anonymity in Computation, Communication, and Storage Vol. 10658; pp. 424 - 434 |
|---|---|
| Main Authors | Yang, Jiajia; Jiang, Lei; Bai, Xu; Dai, Qiong; Su, Majing; Bhuiyan, Md Zakirul Alam |
| Format | Book Chapter |
| Language | English |
| Published | Switzerland; Springer International Publishing AG; 2017; Springer International Publishing |
| Series | Lecture Notes in Computer Science |
| Subjects | |
| ISBN | 9783319723945 3319723944 |
| ISSN | 0302-9743 1611-3349 |
| DOI | 10.1007/978-3-319-72395-2_39 |
| Abstract | State-of-the-art Network Intrusion Detection Systems (NIDSs) use regular expressions (REs) to detect attacks or vulnerabilities. In order to keep up with the ever-increasing speed, more and more NIDSs need to be implemented by dedicated hardware. A major bottleneck is that NIDSs scan incoming packets just byte by byte, which greatly limits their throughput. Besides, huge memory consumption limits its practicability. In this paper, we propose an algorithm for regular expression matching that consumes multiple characters per time while maintaining memory efficiency. It includes 3 ideas: (1) top-k state extraction; (2) variable-stride acceleration; (3) DFA compression. We tested our algorithm on several real-life RE rulesets. The experimental results show that it achieves good performance on both memory efficiency and high throughput. It could achieve 14–22x efficiency ratio than the original DFA on Bro and Snort rulesets, and 2–7x efficiency ratio than the original DFA on l7_filter ruleset. |
|---|---|
| Author | Jiang, Lei Yang, Jiajia Su, Majing Bhuiyan, Md Zakirul Alam Bai, Xu Dai, Qiong |
| Author_xml | – sequence: 1 givenname: Jiajia surname: Yang fullname: Yang, Jiajia organization: School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China – sequence: 2 givenname: Lei surname: Jiang fullname: Jiang, Lei email: jianglei@iie.ac.cn organization: School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China – sequence: 3 givenname: Xu surname: Bai fullname: Bai, Xu organization: School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China – sequence: 4 givenname: Qiong surname: Dai fullname: Dai, Qiong organization: School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China – sequence: 5 givenname: Majing surname: Su fullname: Su, Majing organization: School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China – sequence: 6 givenname: Md Zakirul Alam surname: Bhuiyan fullname: Bhuiyan, Md Zakirul Alam organization: Department of Computer and Information Sciences, Fordham University, Bronx, USA |
| ContentType | Book Chapter |
| Copyright | Springer International Publishing AG 2017 |
| Copyright_xml | – notice: Springer International Publishing AG 2017 |
| DBID | FFUUA |
| DOI | 10.1007/978-3-319-72395-2_39 |
| DatabaseName | ProQuest Ebook Central - Book Chapters - Demo use only |
| DatabaseTitleList | |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9783319723952 3319723952 |
| EISSN | 1611-3349 |
| Editor | Yan, Zheng Choo, Kim-Kwang Raymond Wang, Guojun Atiquzzaman, Mohammed |
| Editor_xml | – sequence: 1 fullname: Choo, Kim-Kwang Raymond – sequence: 2 fullname: Yan, Zheng – sequence: 3 fullname: Wang, Guojun – sequence: 4 fullname: Atiquzzaman, Mohammed |
| EndPage | 434 |
| ExternalDocumentID | EBC6286205_583_434 EBC5591036_583_434 |
| ISBN | 9783319723945 3319723944 |
| ISSN | 0302-9743 |
| IngestDate | Wed Sep 17 03:15:34 EDT 2025 Thu May 29 16:46:17 EDT 2025 Thu May 29 00:19:30 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| LCCallNum | QA76.9.A25 |
| Language | English |
| LinkModel | OpenURL |
| OCLC | 1066188875 1197571147 |
| PQID | EBC5591036_583_434 |
| PageCount | 11 |
| ParticipantIDs | springer_books_10_1007_978_3_319_72395_2_39 proquest_ebookcentralchapters_6286205_583_434 proquest_ebookcentralchapters_5591036_583_434 |
| PublicationCentury | 2000 |
| PublicationDate | 2017 |
| PublicationDateYYYYMMDD | 2017-01-01 |
| PublicationDate_xml | – year: 2017 text: 2017 |
| PublicationDecade | 2010 |
| PublicationPlace | Switzerland |
| PublicationPlace_xml | – name: Switzerland – name: Cham |
| PublicationSeriesSubtitle | Information Systems and Applications, incl. Internet/Web, and HCI |
| PublicationSeriesTitle | Lecture Notes in Computer Science |
| PublicationSeriesTitleAlternate | Lect.Notes Computer |
| PublicationSubtitle | SpaCCS 2017 International Workshops, Guangzhou, China, December 12-15, 2017, Proceedings |
| PublicationTitle | Security, Privacy, and Anonymity in Computation, Communication, and Storage |
| PublicationYear | 2017 |
| Publisher | Springer International Publishing AG Springer International Publishing |
| Publisher_xml | – name: Springer International Publishing AG – name: Springer International Publishing |
| RelatedPersons | Kleinberg, Jon M. Mattern, Friedemann Naor, Moni Mitchell, John C. Terzopoulos, Demetri Steffen, Bernhard Pandu Rangan, C. Kanade, Takeo Kittler, Josef Weikum, Gerhard Hutchison, David Tygar, Doug |
| RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David organization: Lancaster University, Lancaster, United Kingdom – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo organization: Carnegie Mellon University, Pittsburgh, USA – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef organization: University of Surrey, Guildford, United Kingdom – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. organization: Cornell University, Ithaca, USA – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann organization: ETH Zurich, Zurich, Switzerland – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. organization: Stanford University, Stanford, USA – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni organization: Weizmann Institute of Science, Rehovot, Israel – sequence: 8 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. organization: Indian Institute of Technology, Chennai, India – sequence: 9 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard organization: TU Dortmund University, Dortmund, Germany – sequence: 10 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri organization: University of California, Los Angeles, USA – sequence: 11 givenname: Doug surname: Tygar fullname: Tygar, Doug organization: University of California, Berkeley, USA – sequence: 12 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard organization: Max Planck Institute for Informatics, Saarbrücken, Germany |
| SSID | ssj0001930222 ssj0002792 |
| Score | 1.5003718 |
| SourceID | springer proquest |
| SourceType | Publisher |
| StartPage | 424 |
| SubjectTerms | Deep Packet Inspection DFA FPGA NIDS Regular expression matching |
| Title | An FPGA-Based Algorithm to Accelerate Regular Expression Matching |
| URI | http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=5591036&ppg=434 http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6286205&ppg=434 http://link.springer.com/10.1007/978-3-319-72395-2_39 |
| Volume | 10658 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| linkProvider | Library Specific Holdings |